<?php

namespace app\common\library;

use think\Config;
use app\admin\model\AuthGroupAccess;
use app\admin\model\AuthGroup;

/**
 * 小程序权限验证工具类
 */
class MiniProgramAuth
{
    /**
     * 检查管理员是否有指定权限
     * @param int $adminId 管理员ID
     * @param string $permission 权限名称
     * @return bool
     */
    public static function checkPermission($adminId, $permission)
    {
        // 获取管理员所在的分组
        $groupIds = self::getAdminGroupIds($adminId);
        
        if (empty($groupIds)) {
            return false;
        }
        
        // 获取权限配置
        $permissions = Config::get('scanwork_permissions.miniprogram_permissions');
        $checkConfig = Config::get('scanwork_permissions.permission_check');
        
        // 检查是否为超级管理员
        if (in_array($checkConfig['super_admin_group_id'], $groupIds)) {
            return true;
        }
        
        // 检查每个分组的权限
        foreach ($groupIds as $groupId) {
            if (isset($permissions[$groupId])) {
                $groupPermissions = $permissions[$groupId]['permissions'];
                foreach ($groupPermissions as $module => $permissions) {
                    if (isset($permissions[$permission]) && $permissions[$permission]) {
                        return true;
                    }
                }
            }
        }
        
        return false;
    }
    
    /**
     * 获取管理员所在的分组ID列表
     * @param int $adminId 管理员ID
     * @return array
     */
    public static function getAdminGroupIds($adminId)
    {
        $groupAccess = AuthGroupAccess::where('uid', $adminId)->select();
        $groupIds = [];
        
        foreach ($groupAccess as $access) {
            $groupIds[] = $access->group_id;
        }
        
        return $groupIds;
    }
    
    /**
     * 获取管理员的权限列表
     * @param int $adminId 管理员ID
     * @return array
     */
    public static function getAdminPermissions($adminId)
    {
        $groupIds = self::getAdminGroupIds($adminId);
        $permissions = Config::get('scanwork_permissions.miniprogram_permissions');
        $checkConfig = Config::get('scanwork_permissions.permission_check');
        
        $adminPermissions = [];
        
        // 检查是否为超级管理员
        if (in_array($checkConfig['super_admin_group_id'], $groupIds)) {
            // 超级管理员拥有所有权限
            foreach ($permissions as $groupId => $groupConfig) {
                foreach ($groupConfig['permissions'] as $module => $modulePermissions) {
                    foreach ($modulePermissions as $permission => $hasPermission) {
                        if ($hasPermission) {
                            $adminPermissions[$permission] = true;
                        }
                    }
                }
            }
            return $adminPermissions;
        }
        
        // 合并所有分组的权限
        foreach ($groupIds as $groupId) {
            if (isset($permissions[$groupId])) {
                $groupPermissions = $permissions[$groupId]['permissions'];
                foreach ($groupPermissions as $module => $modulePermissions) {
                    foreach ($modulePermissions as $permission => $hasPermission) {
                        if ($hasPermission) {
                            $adminPermissions[$permission] = true;
                        }
                    }
                }
            }
        }
        
        return $adminPermissions;
    }
    
    /**
     * 获取管理员的分组信息
     * @param int $adminId 管理员ID
     * @return array
     */
    public static function getAdminGroups($adminId)
    {
        $groupAccess = AuthGroupAccess::where('uid', $adminId)
            ->alias('ga')
            ->join('fa_auth_group g', 'ga.group_id = g.id')
            ->field('g.id, g.name, g.title')
            ->select();
            
        $groups = [];
        foreach ($groupAccess as $group) {
            $groups[] = [
                'id' => $group->id,
                'name' => $group->name,
                'title' => $group->title
            ];
        }
        
        return $groups;
    }
}
